← 返回 Skills 市场
waf-validator-skills
作者
realguoxiufeng
· GitHub ↗
· v1.0.0
· MIT-0
82
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install waf-validator-skills
功能描述
WAF Rule Validator - Tool for testing and validating WAF security rules
安全使用建议
This skill is essentially documentation/instructions for GoTestWAF and a Docker image (wallarm/gotestwaf). Before using it: 1) Confirm you have explicit legal authorization to run security tests against any target (unauthorized scanning is illegal). 2) Verify the upstream project/image (wallarm/gotestwaf) and, if possible, inspect source code or the Docker image provenance before executing. 3) Ensure Go 1.24, Docker, and optional Chrome are installed in an isolated/test environment to avoid accidental impact. 4) Because the skill can trigger network scans, avoid enabling autonomous invocation unless you trust the skill and its operator. 5) No secrets are requested by the skill, but do not supply unrelated credentials when following its examples.
功能分析
Type: OpenClaw Skill
Name: waf-validator-skills
Version: 1.0.0
The skill bundle provides instructions for an AI agent to build and operate GoTestWAF, a security tool designed to test Web Application Firewalls by generating and sending malicious payloads (e.g., SQL injection, XSS). While the behavior is aligned with the stated purpose of security validation, the skill involves high-risk activities such as local binary compilation, execution, and network-based attack simulation. Per the analysis criteria, these risky capabilities are classified as suspicious even if plausibly needed for the tool's function. No evidence of intentional malice, data exfiltration, or backdoors was found in SKILL.md or _meta.json.
能力评估
Purpose & Capability
The name/description describe a WAF testing tool and the SKILL.md contains build/run instructions, options, test-case formats and examples for GoTestWAF and the wallarm/gotestwaf Docker image — these are coherent with a WAF rule validator.
Instruction Scope
Instructions explicitly direct building and running a scanner that generates malicious requests against targets (via ./gotestwaf or Docker). The SKILL.md does not instruct reading unrelated system files or environment variables, but it does enable network scanning and request generation — ensure you have authorization to test any target.
Install Mechanism
This is an instruction-only skill with no install spec or code files. No downloads or install scripts are included in the package itself, which reduces installation risk. The README references building locally or pulling an existing Docker image.
Credentials
The skill declares no required environment variables or credentials. It mentions runtime dependencies (Go 1.24+, Chrome) but does not request unrelated secrets or system config paths — requirements are proportionate to the stated functionality.
Persistence & Privilege
always is false and the skill is user-invocable; model invocation is allowed (the platform default). Note: because the skill can initiate scans, granting autonomous invocation could allow the agent to run network tests without further consent — consider limiting autonomous use if undesired.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install waf-validator-skills - 安装完成后,直接呼叫该 Skill 的名称或使用
/waf-validator-skills触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
WAF Rule Validator 是一个用于评估 Web 应用安全解决方案(WAF、API 网关、IPS)的工具。它通过生成恶意请求来测试安全防护规则的有效性,支持 REST、GraphQL、gRPC、SOAP、XMLRPC 等多种 API 协议。
元数据
常见问题
waf-validator-skills 是什么?
WAF Rule Validator - Tool for testing and validating WAF security rules. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 82 次。
如何安装 waf-validator-skills?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install waf-validator-skills」即可一键安装,无需额外配置。
waf-validator-skills 是免费的吗?
是的,waf-validator-skills 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
waf-validator-skills 支持哪些平台?
waf-validator-skills 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 waf-validator-skills?
由 realguoxiufeng(@realguoxiufeng)开发并维护,当前版本 v1.0.0。
推荐 Skills